19 matches found
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
EUVD-2021-21879
Malware in sbrugna...
EUVD-2017-10335
Malware in sbrugna...
EUVD-2010-5107
Malware in sbrugna...
Security Bulletin: IBM Predictive Maintenance and Quality (PMQ) UI: Missing Secure Attribute in Encrypted Session (SSL) Cookie (CVE-2020-4423)
Summary PMQ UI web application sends non-secure cookies over SSL. It may be possible to steal user and session information cookies that was sent during an encrypted session. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...
Design/Logic Flaw
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...
CVE-2021-35236
Kiwi Syslog Server 9.7.2 and earlier is affected by CVE-2021-35236 due to the SSL cookie lacking the Secure attribute, allowing the cookie to be sent over unencrypted HTTP where the application is reachable via HTTP+HTTPS. The root cause is an unsecured Secure flag on the cookie, which can lead t...
CVE-2021-35236 Missing Secure Flag From SSL Cookie
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...
PT-2021-20858 · Unknown · Kiwi Syslog Server
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server versions 9.7.2 and earlier Description: The Secure flag is not set in the SSL Cookie, which means the cookie can be sent over unencrypted requests if the application is accessible over both HTTP and HTTPS. This poses a risk...
CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
Security Bulletin: Security Vulnerabilties exist in IBM Cognos Controller
Summary Security Vulnerabilities exist in IBM Cognos Controller. When performing security testing, you might encounter a "Missing Secure Attribute in Encrypted Session SSL Cookie" error message. IBM Cognos Controller versions 10.4.1, 10.4.0, 10.3.1 and 10.3.0, by default, do not have this setting...
Mail.ru: ssl cookkie without secure flag set
Based on this report, decision was made to add SSL flag for session cookie and HSTS header for lootdog.io. Usually, HTTPS/SSL configuration reports are only accepted for Main Scope, this report was accepted/awarded as an exception...
SSL Cookie Without Secure Flag
pcs is vulnerable to SSL cookie without secure flag. The vulnerability exists as the pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within ...
Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)
Summary IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. Vulnerability Details CVEID: CVE-2017-1319 DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure...
Code injection
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. IBM X-Force ID: 125731...
Shopify: SSL cookie without secure flag set
hello shopify security team, I have found security vulnerability. Vulnerable URL :- https://app.shopify.com/services/signup/track/ The following cookie was issued by the application and does not have the secure flag set: signupsessionid=0875b12b680173807271e6c444a964e8; path=/; expires=Mon, 04 Ma...
Session fixation
Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...